Preventing Symantec Endpoint Protection (SEP) Clients from receiving FULL Antivirus/Antispyware definition packages from a patched Symantec Endpoint Protection Manager (SEPM)

Article ID: 178180

Updated On:

Products

Endpoint Protection

Issue/Introduction

How do I ensure my Symantec Endpoint Protection (SEP) clients download delta Antivirus/Antispyware definitions after my SEPM is patched to resolve the 2010 definitions issue?

Resolution

This document explains in detail how to ensure that Symantec Endpoint Protection (SEP) clients that have been configured to update via Internal or Public LiveUpdate (LU) servers during the 2010 Definitions Issue are able to download delta Antivirus and Antispyware definitions once they are reconfigured to download Content Updates from their Symantec Endpoint Protection Manager (SEPM) after the 2010 definitions patch is applied.

For more information on the 2010 definitions issue, read "Security Content for Symantec Endpoint Protection clients and Symantec Endpoint Protection Managers are dated Dec 31 2009 even when using the latest definitions" (http://service1.symantec.com/support/ent-security.nsf/docid/2010010308571348?Open&seg=ent).

Symantec Endpoint Protection Manager (SEPM) creates delta update packages by comparing a starting version and destination version of two full update packages. The SEPM provides delta packages for any content that meets the following criteria:
  • The SEPM must have a copy of the starting version of the content
  • The SEPM must have a copy of the destination version of the content

To ensure that SEP clients can be furnished with delta Antivirus and Antispyware definition updates, perform the following steps:
  • For SEP Clients that are still configured to update from their SEPM - No action is required.
  • For SEP Clients that are configured to update through 3rd party content update methods - No action is required.
  • For SEP Clients that are configured to update from Internal or Public LiveUpdate servers normally - No action is required.
  • For SEP Clients that are configured to update from Internal or Public LiveUpdate servers temporarily - follow the steps below:

To prevent FULL definition downloads:
  1. Patch the SEPM to resolve the 2010 definitions issue.
  2. Continue updating clients via LiveUpdate until the SEPM has downloaded sufficient Antivirus and Antispyware definitions revisions (at least 3 revisions, or one day's worth, is recommended).
  3. When sufficient content updates have been downloaded by the SEPM use the following steps to modify the LiveUpdate Settings policy/policies:
    1. Click on the Policies Tab from within the SEPM Console
    2. Select LiveUpdate from the View Policies Pane
    3. Click on the LiveUpdate Settings Tab
    4. For Each LiveUpdate Settings Policy:
      1. Click on the LiveUpdate Settings Policy in the LiveUpdate Settings Tab
      2. Choose Edit the Policy from the Tasks Pane
      3. Select the Server Settings Tab In the LiveUpdate Settings policy Window
      4. Check the Use the default management server (recommended) Check Box
      5. Check the Use a LiveUpdate server Check Box
      6. Click OK to close the LiveUpdate Settings policy editor Window